Last week Cloudmark saw a Facebook Stalker scam being spread to mobile phones via SMS status updates from Facebook. Around 18% of the spam messages Cloudmark filtered at one mobile operator were for this Facebook scam.
The scam starts when a Facebook user receives a status update from a Facebook friend who has already fallen for the scam. Here's an example of what the update looks like on a user's Facebook page:
[Figure: Pr0file Watcher Status Update]
However, some users have their Facebook settings configured to forward status updates to their email address or to their mobile phone as SMS text messages, in which case the scam updates arrive on the user's phone. The messages Cloudmark filtered at the mobile operator contained text similar to this one:
[Figure: Example Text message]
If the user then clicks on the shortener link, the shortener forwards them through a series of websites until they are taken to the Facebook website. Once they log in to Facebook, or if they are already logged in, the user is asked to grant permission for the "Pr0file Watcher" app to access the user's profile, to post to the user's Facebook page as the user, and to access the user's data.
Here's what the request for permission looks like in a web browser on a PC:
[Figure: Pr0filer app requests permission to access user's profile]
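A redirect chain like the one behind the shortener link is easier to analyse hop by hop than by clicking through it. The script below is an added example, not Cloudmark's code or anything taken from the campaign: it simulates the shortener, an intermediate tracking hop and the final landing page with a local http.server (the paths, the query string and the deliberate redirect loop are all constructed for illustration), then fetches each hop with a plain GET, never lets the client follow redirects automatically, records every Location header, and stops at the landing page, at a hop limit, or as soon as a URL repeats.

```python
"""Trace an SMS-spam shortener's redirect chain one hop at a time.

Added example, not Cloudmark's code.  The shortener, tracking hop and
landing page are simulated locally so the script runs offline; the
paths below are constructed and do not reproduce the real campaign.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

# Constructed redirect map (path without query -> Location header).
REDIRECTS = {
    "/s/abc": "/track?c=fb",        # shortener slug -> tracking hop
    "/track": "/app/permissions",   # tracking hop -> landing page
    "/loop1": "/loop2",             # two hops that redirect to each other
    "/loop2": "/loop1",
}


def follow_redirects(url, max_hops=10, timeout=5):
    """Fetch `url` and every redirect target, recording each hop.

    Returns {"hops": [urls...], "final_status": int, "stopped": why}
    where `why` is "landed" (first non-3xx response), "loop" (a URL
    repeated) or "max_hops".  Redirects are followed manually so the
    intermediate sites are never skipped over by the HTTP client.
    """
    hops, seen, status = [url], {url}, None
    for _ in range(max_hops):
        parts = urlsplit(url)
        if parts.scheme == "https":
            conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443, timeout=timeout)
        elif parts.scheme == "http":
            conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
        else:
            raise ValueError(f"unsupported scheme in {url!r}")
        try:
            target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            conn.request("GET", target, headers={"User-Agent": "redirect-tracer/0.1"})
            resp = conn.getresponse()
            resp.read()  # drain the body so the connection can be closed cleanly
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        if not (300 <= status < 400 and location):
            return {"hops": hops, "final_status": status, "stopped": "landed"}
        url = urljoin(url, location)  # Location may be relative
        hops.append(url)
        if url in seen:
            return {"hops": hops, "final_status": status, "stopped": "loop"}
        seen.add(url)
    return {"hops": hops, "final_status": status, "stopped": "max_hops"}


class _Hop(BaseHTTPRequestHandler):
    """Serves the constructed redirect map; anything else is the landing page."""

    def do_GET(self):
        location = REDIRECTS.get(urlsplit(self.path).path)
        if location:
            self.send_response(302)
            self.send_header("Location", location)
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        body = b"landing page: the app's permission prompt would appear here\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def trace_demo(start_path="/s/abc"):
    """Start the simulated chain on a random local port and trace it."""
    server = HTTPServer(("127.0.0.1", 0), _Hop)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return follow_redirects(f"http://127.0.0.1:{server.server_address[1]}{start_path}")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for start in ("/s/abc", "/loop1"):
        result = trace_demo(start)
        for i, hop in enumerate(result["hops"]):
            print(f"  {i}: {hop}")
        print(f"final status {result['final_status']}, stopped: {result['stopped']}\n")
```

Against a real shortener you would pass the URL from the text message straight to follow_redirects; the hop list shows which tracking and affiliate hosts sit between the shortener and the Facebook permission prompt, and the loop and hop-limit checks keep the tracer from spinning on a misbehaving chain.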
If the user grants permission, the app posts a status update on their wall for all their Facebook friends to see, in the hope that those friends will also click on the link. The app then asks the user to fill in a survey before they can view who is stalking them.
[Figure: Request to complete a survey]
Clicking on the survey link takes the user to a survey page, which asks a variety of simple questions such as "How often do you check Facebook?" and then requests the user's email address.
Entering the email address leads to a request for even more information, including home and mobile phone numbers, and for permission to receive SMS text messages from a list of Marketing Partners.
The list of marketing partners varies depending on which survey the user was asked to fill out, but some agreements include consenting to receive phone calls on behalf of the Disney Movie Club:
[Figure: Example of one of the lists of Marketing Partners]
Other agreements include consenting to receive SMS text messages and phone calls irrespective of the phone number's status on the US federal and state do-not-call registries.
The survey has no way to check that the phone number actually belongs to the person filling in the form, so anyone could sign up anyone else to receive phone calls and text messages.
Finally, none of this results in actually seeing a list of people who are supposedly "stalking" the Facebook profile. Here's what the app showed for a profile that had only just been created (and therefore had not been around long enough to be "stalked"):
[Figure: Profile Watcher Results]
Facebook apps include a link at the bottom that says "Report/contact this app" or "Report app", which a user can click to report any app to Facebook for privacy issues, inappropriate content, spam, harassment, bullying, etc.
If a spam message sent by an app is forwarded to someone's mobile phone via SMS, the mobile subscriber can also report the text to their mobile operator by forwarding the message to the 7726 (S-P-A-M) short code used by many operators.